Description

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

Remediation

References

CVE-2008-3963

Related Vulnerabilities

WordPress Plugin GiveWP-Donation and Fundraising Platform SQL Injection (2.5.0)

WordPress Plugin Advanced Classifieds & Directory Pro Cross-Site Scripting (1.7.5)

Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4667)

WordPress Plugin Essential Grid Portfolio-Photo Gallery Security Bypass (1.1.2)

WordPress Plugin CYSTEME Finder, the admin files explorer Unspecified Vulnerability (1.7)

Severity

Medium

Classification

CVE-2008-3963 CWE-134

Tags

Missing Update Known Vulnerabilities